2011-10-19 10:00:00
mitre
PUBLISHED
Django before 1.2.7 and 1.3.x before 1.3.1 uses a requests HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.